• Post Reply Bookmark Topic Watch Topic
  • New Topic

secure file uploading with apache commons fileuploading

 
david hu
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am using apache commons fileupload to let users to upload their files to a web site. The web site itself is using https protol, so that the file is securely uploade through the internet using the HTML form based uploading process. However, when the file lands on the hard disk of the web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker, these files will be exposed to the attacker, is there a way to do the follows:

1) Make the landed file to be encrypted when it is landing (even for the temporary file that the fileuploading process written during the file upload process).

2) Is there any other alternative approach to achieve this, e.g. another libary I can use to make the downloaded file always to be encrypted?


I can alway encrypt the file after the whole file is landed, but this is not desired. Since the temporary file written by the file uploading process is not encrypted.Also there is a delay between the landing of the whole file and the start of the encryption process.


Thanks,

David
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please don't post the same question to multiple forums. Let's continue the discussion in the duplicate post in the Security forum, where I'll post an answer shortly.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!